Vulnerability Development mailing list archives
RE: Thinking about Security rules...
From: "Mendoza Bazan, Luis - (Per)" <luis.mendoza () attla com>
Date: Tue, 14 May 2002 14:33:15 -0500
Hi Rhino,

You are looking for a paper that makes a product similar to this: http://www.esecurityinc.com/main.asp

I hear that this is the best product of this type.

Best Regards
Luis Mendoza

-----Original Message-----
From: Rhino Bond [mailto:rhino007_us () yahoo com]
Sent: Tuesday, May 14, 2002 12:54 p.m.
To: Geoff Galitz; Harvey Newstrom
Cc: Ray Parks; vuln-dev
Subject: Re: Thinking about Security rules...

Folks,

Just to clarify what we are looking for. We know how to configure all the separate parts (routers, firewalls, IDS, etc.). We were wondering if anyone ever wrote a white paper on creating an engine to automate/manage all the individual parts. So far I have found nothing. This is a Herculean project, I think...

However, I want to thank everyone for their contributions to this thread; they were all very interesting.

Regards,
David

David R. Hawley, CEO ~ CISSP
UNIX & NT NETWORK SECURITY, LLC
1980 16th St. Ste. P-209
Newport Beach, CA 92663
949-645-5932

--- Geoff Galitz <galitz () chem berkeley edu> wrote:
On Friday, May 10, 2002, at 06:05 PM, Harvey Newstrom wrote:

> On Thursday, May 9, 2002, at 03:47 pm, Ray Parks wrote:
>
>> Just remember this aphorism - Depth without Breadth is useless.
>>
>> We engaged in a series of experiments within the DARPA IA program in which we proved that Defense in Depth is an over-rated concept. Layered defenses can actually be weaker than single defenses because administrators/developers think that another layer is providing the defense they are ignoring. The results of these experiments were recorded in a paper; unfortunately I don't have a cite at this time.
>>
>> Bottom line - we were able to get through layers of defense in depth because we could attack each layer in a different way. This allowed attacks to woogle through to the goal despite multiple layers of defense.
>
> I have seen similar studies long ago relating to alarm monitoring. Items being monitored by multiple people had worse response times than items monitored by a single person! It turned out that people would frequently be lax and assume that someone else was handling it.
>
> I have also seen this scenario in help desk or message queues. Some ringing phones or e-mails would remain unanswered for days because everybody was answering other items and assumed the missed item would be caught by somebody else somewhere.

I would point out that the issues cited above are issues of deployment and internal procedure, which are separate from the network vulnerability issues. Of course, the two are linked, but the lesson to take home is that the right answer will vary between different organizations. The variables include how well the security operation runs, whether it is integrated with the general IT organization, how responsive those teams are in general, whether they have well-functioning and well-known procedures, and so on... One size does not fit all.

-geoff
------------------------------------------------------------------------------
Geoff Galitz | UC Berkeley | D'oh!
galitz () uclink berkeley edu | http://www.cchem.berkeley.edu/College/unix
http://www.cchem.berkeley.edu/~galitz
Current thread:
- Thinking about Security rules... Rhino Bond (May 08)
- Re: Thinking about Security rules... Peter Kristolaitis (May 08)
- RE: Thinking about Security rules... Sean Convery (May 09)
- Re: Thinking about Security rules... f.harster (May 09)
- Re: Thinking about Security rules... Ray Parks (May 09)
- Re: Thinking about Security rules... f.harster (May 10)
- Re: Thinking about Security rules... Harvey Newstrom (May 10)
- Re: Thinking about Security rules... Geoff Galitz (May 13)
- Re: Thinking about Security rules... Rhino Bond (May 14)
- Re: Thinking about Security rules... Geoff Galitz (May 14)
- Re: Thinking about Security rules... Ray Parks (May 09)
- Re: Thinking about Security rules... Peter Kristolaitis (May 08)
- <Possible follow-ups>
- RE: Thinking about Security rules... Mendoza Bazan, Luis - (Per) (May 14)
- Re: Thinking about Security rules... David Hawley (May 14)